Information has surfaced about a highly critical remote issue in BIND 9.7, 9.8 and 9.9 that affects millions of DNS servers around the globe. It has been marked as Critical and is remotely exploitable. When exploited, it causes a denial of service (DoS).

“A flaw in a library used by BIND 9.7, 9.8, and 9.9, when compiled on Unix and related operating systems, allows an attacker to deliberately cause excessive memory consumption by the named process, potentially resulting in exhaustion of memory resources on the affected server. This condition can crash BIND 9 and will likely severely affect operation of other programs running on the same machine.”

Patching this issue should be on the absolute top of the priority list for anyone running BIND.

As you can see, this newsletter does not look like the ones before! From now on, we will post the top 5 links that catch our interest each Friday (or earlier in the week, in case of holidays). Then, in the last week of the month, we will present a more extensive newsletter where we go through the major events of the month and present some security tips (much like the previous newsletters).

PS: Those of you who are heading out on the road during the Easter holiday can have a look at this blog post for some tips regarding mobile security: http://blog.basefarm.com/blog/2012/12/21/mobile-security/

Weekly summary

Multiple South Korean banks and broadcasters were hit by a group of unknown hackers going by the name of “Whois Team”, and there are of course rumors going around that they originate from North Korea. In response to the remark made by Google last week, Microsoft, too, says the FBI is secretly surveilling its customers. Krebs followed up on the story he released last week, when cyber criminals had targeted him, disclosing how he tracked the attackers and even did an interview with them. NATO also released their Cyber War Manual, detailing rule sets that should be followed in future cyber wars. A video has also been floating around, showing a perpetrator in Russia who manages to install and run third-party software on an ATM (the choice of software in this case was Angry Birds).

Security tips

Google has released a site with information on what to do if your site has been hacked. It goes through the steps to follow and touches on things ranging from contacting your hosting company (beginner) to quarantining your site (intermediate) and identifying the vulnerability (advanced).

iOS 6.1.3 has been released and fixes six security issues (for example the “partly unlock your iPhone without entering your code” issue and a flaw in WebKit that can be used to execute arbitrary code). It’s recommended to update as soon as possible. You can update by going to Settings, General, Software Update and then downloading the latest version.

New versions of Ruby on Rails have been released, and the version you are running should be updated as soon as possible to avoid malicious users exploiting one or more of the known vulnerabilities that are fixed in these releases.

Information from the Rails team:

Hi everyone!

Rails versions 3.2.13, 3.1.12, and 2.3.18 have been released. These releases contain important security fixes. It is recommended users upgrade as soon as possible.

Apple has released security updates for OS X (v10.8.3), Security Update 2013-001 and security updates for Safari WebKit 6.0.3 to address multiple vulnerabilities. The vulnerabilities could potentially allow remote attackers to execute arbitrary code, bypass authentication, leverage additional attacks, cause a denial-of-service condition or obtain sensitive information, or could lead to unexpected application termination or arbitrary code execution when a user visits a maliciously crafted website. It is recommended that you update your software to the latest versions through Software Update.

Weekly summary

The big headline this week has been how security expert Brian Krebs was targeted by criminals who, amongst other things, took down his site and had police raid his house. Google has also released information on how the FBI is secretly spying on some of its customers, and a Reuters editor has been indicted for allegedly helping hackers break into Tribune Co. Facebook also released information on how the hack didn’t have as much impact as it could have had, due to the amount of preparation they had done for these occurrences.

Security tips

The tip of this week is to turn on “Click-to-play”. With this enabled, a Flash video or Java applet on a website will only run after you press a button to confirm that you want to run it. This means that no hidden Flash objects or Java applets that can cause issues on your computer will launch automatically.

Adobe has released security updates for Adobe Flash Player 11.6.602.171 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.273 and earlier versions for Linux, Adobe Flash Player 11.1.115.47 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.43 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Weekly summary

Evernote was the highest-profile victim of an attack this week. The attack on their systems meant that 50 million account names and encrypted passwords were stolen. The USA has also become the world’s leading spam relayer. This most likely doesn’t mean that there is a kingpin spammer in the USA, but it does show that a large number of hijacked computers are being used for this. The USA is not the number one malware-infected country (China was in 2012, according to PandaLabs), but there are reasons for its position, such as IPs from the USA being less likely to be blacklisted and speeds between email providers likely being higher from the USA than from China. More information about the zero-day-exploiting malware MiniDuke has also surfaced. It appears that MiniDuke has been running its cyber-espionage campaign since mid-2011 and has been targeting governments in countries such as Belgium, the United States and Ireland. The Dubai Police made arrests this week in regard to a cyber crime gang who were able to transfer more than $2m from Dubai Exchange companies’ accounts, while Bank Muscat in Oman was hit by a $39m ATM cash-out heist, which most likely happened because the hackers were able to duplicate a set of pre-paid Travel Cards. The first couple of days of Pwn2Own have also taken place. Pwn2Own, which is being co-sponsored by HP this year, is a yearly competition where security researchers attempt to be the first to exploit software, with prize money for doing so. So far, over $270K has been given out to people who managed to exploit IE10, Chrome 25, Firefox 19, and Java 7.

Security tips

We’d like to remind everyone of the importance of not reusing any of your passwords. Doing so could mean that you end up losing a great deal. Let’s say I have the same password on my email account Z and on Website X. I signed up to Website X with my email account, which means that if Website X is hacked and my password decrypted (it’s not even certain they will have encrypted my password), the attackers will be able to access my email account as well. With access to my email account they could, for example, gain further access to other services by doing password resets, or pretend to be me and send out malware.

This is one of the reasons why we suggest that you create complex and unique passwords for every site you use. It’s understandable that you can’t remember these kinds of passwords, but don’t worry: there are tools for this, which means you only have to remember one single passphrase in order to gain access to your password vault.

My personal preference is 1Password Pro, which has got a stand-alone client as well as a web interface. It has also got plugins for IE, Chrome and Firefox, which makes signing into accounts a breeze. Those who prefer to use free and open source software can use KeePass Password Safe. I believe it lacks a bit of functionality, but it’s got a lot of plugins/extensions that you can use to further its use.